devel:documentation:security:dev:authentication [2020/06/15 11:12] kopro [Actual list of authenticators]
devel:documentation:security:dev:authentication [2020/08/31 13:43] (current) kopro fix property
| |
=== DefaultAccAuthenticator === | === DefaultAccAuthenticator === |
| |
| <note important>This authenticator is from version 10.4.0 deprecated. Please use DefaultAccMultipleSystemAuthenticator. The configuration properties will be removed.</note> |
| |
[[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/security/authentication/impl/DefaultAccAuthenticator.java|DefaultAccAuthenticator]] checks the [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/core/core-api/src/main/java/eu/bcvsolutions/idm/core/security/api/dto/LoginDto.java|LoginDto]] against an end system. Users use their internal IdM login and their password from the end system. | [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/security/authentication/impl/DefaultAccAuthenticator.java|DefaultAccAuthenticator]] checks the [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/core/core-api/src/main/java/eu/bcvsolutions/idm/core/security/api/dto/LoginDto.java|LoginDto]] against an end system. Users use their internal IdM login and their password from the end system. |
<code> | <code> |
# ID system against which to authenticate | # ID system against which to authenticate |
idm.sec.security.auth.systemId= | idm.sec.security.auth.system= |
</code> | </code> |
| |
First, the authenticator tries to find an end system with given UUID. If such system doesn't exist, the authentication returns NULL. Otherwise, the authenticator finds the mapped attribute of the system which is marked as ''Authentication attr.''. | First, the authenticator tries to find an end system with given UUID. If such system doesn't exist, the authentication returns NULL. Otherwise, the authenticator finds the mapped attribute of the system which is marked as ''Authentication attr.''. |
| |
{{:navrh:01.png|}} | {{:navrh:01.png|}} |
| |
The result type of this authenticator is **SUFFICIENT**. It's order is **10**, which means that this authenticator would be processed after [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/core/core-impl/src/main/java/eu/bcvsolutions/idm/core/security/authentication/impl/DefaultCoreAuthenticator.java|DefaultCoreAuthenticator]] | The result type of this authenticator is **SUFFICIENT**. It's order is **10**, which means that this authenticator would be processed after [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/core/core-impl/src/main/java/eu/bcvsolutions/idm/core/security/authentication/impl/DefaultCoreAuthenticator.java|DefaultCoreAuthenticator]] |
| |
<note important>The authentication against an end system uses the system, which is defined as UUID in the configuration attribute **idm.sec.security.auth.systemId=**</note> | <note important>The authentication against an end system uses the system, which is defined as UUID in the configuration attribute **idm.sec.security.auth.system=**</note> |
| |
<note important>If you want to authenticate against LDAP system, it's **necessary** to add the name of the authentication attribute (e.g. dn, or uid) to the field **Account User Name Attributes** in the system configuration, see the picture.</note> | <note important>If you want to authenticate against LDAP system, it's **necessary** to add the name of the authentication attribute (e.g. dn, or uid) to the field **Account User Name Attributes** in the system configuration, see the picture.</note> |
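Review bot: the configuration key is renamed from ''idm.sec.security.auth.systemId='' to ''idm.sec.security.auth.system='' (in the code block and again in the first important note) on an authenticator that the newly added note declares deprecated since 10.4.0, but nothing says whether the old ''systemId'' key is still read. If it is not, a deployment that keeps the old key will hit the "system doesn't exist, authentication returns NULL" path described in the second paragraph for every login, with no hint to the operator why; add one sentence stating whether the old key still works and, if not, that it must be renamed. Smaller points: "is from version 10.4.0 deprecated" reads better as "is deprecated since version 10.4.0"; "It's order is **10**" should be "Its order is **10**"; and that sentence needs a full stop after DefaultCoreAuthenticator.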
[[https://github.com/bcvsolutions/CzechIdMng/blob/okopr/2046-authentication-against-multiple-systems/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/security/authentication/impl/DefaultAccMultipleSystemAuthenticator.java|DefaultAccMultipleSystemAuthenticator]] has same behavior as [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/security/authentication/impl/DefaultAccAuthenticator.java|DefaultAccAuthenticator]] but is allowed more system for authentication than one. Authenticator is placed between **DefaultAccAuthenticator** and **DefaultCoreAuthenticator**, more priority has original authenticator **DefaultAccAuthenticator**. | [[https://github.com/bcvsolutions/CzechIdMng/blob/okopr/2046-authentication-against-multiple-systems/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/security/authentication/impl/DefaultAccMultipleSystemAuthenticator.java|DefaultAccMultipleSystemAuthenticator]] has same behavior as [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/security/authentication/impl/DefaultAccAuthenticator.java|DefaultAccAuthenticator]] but is allowed more system for authentication than one. Authenticator is placed between **DefaultAccAuthenticator** and **DefaultCoreAuthenticator**, more priority has original authenticator **DefaultAccAuthenticator**. |
| |
<note tip>All behavior with authentication is same as original **DefaultAccAuthenticator**.</note> | <note tip>All behavior with authentication is same as original **DefaultAccAuthenticator**. The original authenticator is now deprecated. Please use the newer.</note> |
| |
The end systems are defined with configuration properties. For example: | The end systems are defined with configuration properties. For example: |
<code> | <code> |
idm.sec.acc.security.auth.order1.systemId=e6a8b1e7-d656-47ae-aa2d-1062d1583c1a | idm.sec.acc.security.auth.order1.system=e6a8b1e7-d656-47ae-aa2d-1062d1583c1a |
idm.sec.acc.security.auth.order2.systemId=ea86a399-9b26-4f75-9b3a-d3f0049031ef | idm.sec.acc.security.auth.order2.system=ea86a399-9b26-4f75-9b3a-d3f0049031ef |
idm.sec.acc.security.auth.order3.systemId= | idm.sec.acc.security.auth.order3.system= |
idm.sec.acc.security.auth.order4.systemId= | idm.sec.acc.security.auth.order4.system= |
idm.sec.acc.security.auth.order5.systemId=eb24ee1e-da69-4e8a-8b7d-8e41691f09e4 | idm.sec.acc.security.auth.order5.system=SystemAD - User |
idm.sec.acc.security.auth.order6.systemId= | idm.sec.acc.security.auth.order6.system= |
idm.sec.acc.security.auth.order7.systemId=e6a8b1e7-d656-47ae-aa2d-1062d1583c1a | idm.sec.acc.security.auth.order7.system=e6a8b1e7-d656-47ae-aa2d-1062d1583c1a |
idm.sec.acc.security.auth.order8.systemId= | idm.sec.acc.security.auth.order8.system= |
idm.sec.acc.security.auth.order9.systemId=71fcccb6-5865-48e6-8fba-3d4d963d9f45 | idm.sec.acc.security.auth.order9.system=LDAP User 2 |
</code> | </code> |
| |
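Review bot: the example now mixes system UUIDs with system names (''order5.system=SystemAD - User'', ''order9.system=LDAP User 2''), but the sentence introducing it still only says the end systems "are defined with configuration properties"; document that the value may be either the system UUID or its name, and what happens when a name matches no system or more than one (the single-system authenticator returns NULL for a missing system; say whether a bad entry here is skipped or aborts the whole chain). The example also leaves gaps (order3, order4, order6, order8 empty) and repeats the ''order1'' UUID at ''order7''; state whether empty slots are skipped and whether a duplicated system is tried twice, since a second attempt with a wrong password would register as another failed login on that end system. The placement sentence is ambiguous: the first hunk says DefaultAccAuthenticator has order 10 and runs after DefaultCoreAuthenticator, so "placed between" plus "more priority has original authenticator" can be read both ways; give the numeric order instead. Grammar: "is allowed more system for authentication than one" should be "allows more than one system for authentication", and "Please use the newer." should be "Please use the newer one."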